Skills
skills/membranedev/application-skills/timekit/Gen Agent Trust Hub

timekit

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or obfuscation techniques were detected. The skill follows secure authentication patterns by using a centralized credential manager.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the official @membranehq/cli package from the npm registry, which is an expected dependency for this vendor.
  • [COMMAND_EXECUTION]: Instructions include using the membrane CLI to execute actions and make proxy requests to the Timekit API. These are part of the intended functionality for scheduling automation.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data from the Timekit API. 1. Ingestion points: Responses from membrane action run and membrane request (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Command execution via membrane CLI. 4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 12:41 PM